Mark Zuckerberg has risked making Facebook users even angrier than they already are by failing to commit to extending General Data Protection Regulation (GDPR) privacy protections to everyone on the site.

He told Reuters that he agrees “in spirit” with the EU law, which is set to come into effect next month, but couldn’t guarantee that Facebook users based in non-European countries would be given all of the same protections.

With the arrival of the data protection regulation, the social network, which is currently embroiled in a serious data privacy scandal, will have to give users based in the EU more control over how their personal data is collected and used.

Zuckerberg said Facebook would like to make such privacy guarantees for all of its users, but would have to make exceptions.

He didn’t explain what those would be, but added that, “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing”. It suggests that Facebook could soon start handling users’ data very differently, depending on where in the world they’re based.

Earlier this week, Zuckerberg lashed out at Apple CEO Tim Cook, who had criticised the social network in light of the Cambridge Analytica scandal. “You know, I find that argument, that if you’re not paying that somehow we can’t care about you, to be extremely glib and not at all aligned with the truth,” the Facebook chief said.